Closed hmalpani closed 5 months ago
@mrdeep1
CVE-2024-0962
When can we expect new bugfix release of libcoap containing the fix for CVE-2024-0962?
There is a tagged libcoap release that has this fix in - which I can use to update idf-extra-components. In the near term, we are planning on getting out a Release Candidate which covers this CVE with other updates as well which I will be putting into idf-extra-components.
Do you want me to update the code with the tagged fix?
I thought an upgrade to the official 4.3.5 would be a cleaner solution. It will also help to align our component version.
At the moment, I see only the 4.3.4a tag here: https://github.com/obgm/libcoap/tags. If we plan to upgrade to this tag, then I am not sure what the corresponding IDF component version will be.
Yes, 4.3.4a contains the CVE fix. I had assumed that coap/idf_component.yml version would become "4.3.4~2", but I guess something else might not like 4.3.4a.
Certainly 4.3.5 would be cleaner.
Add config option to enable/disable Q-Block option
Fixes: https://github.com/espressif/idf-extra-components/issues/324